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DETAILED ACTION 

1. Claims 1, 2, 10, 15, and 16 have been amended. 

2. Claims 1-16 have been re-examined and are pending with this action. 

Claim Rejections - 35 USC §112 

3. Claims rejected under 35 U.S.C. 1 1 2, 2 nd regarding insufficient antecedent basis, 
have been withdrawn. However, Claim 1 is rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and. distinctly claim the 
subject matter which applicant regards as the invention. 

The claim is indefinite, failing to conform to current U.S. practice. They appear to 
be a literal translation into English from a foreign document and are replete with 
grammatical and idiomatic errors. The elements of claim 1 recite, "without the use of 
cookies", then at the last line recite "and the use of cookies". Either appropriate comma 
needs to be present or the sentence needs to be re-phrased. To evaluate the invention 
better, the examiner will conclude the last sentence to mean: "to eliminate the need for 
the user to provide separate login information and to eliminate the use of cookies when 
connecting to the second server via... ". 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1 999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 

4. Claims 1-3 and 9-11 are rejected under 35 U.S.C. 102(e) as being anticipated by 

Sampson et al. (US 6,339,423 B1 ). 

INDEPENDENT: 

As per claim 1, Sampson teaches a method for providing an automated login for 
a user connecting to a server, wherein the server comprises a first server of a plurality 
of servers that are connected via a computer network (see Fig.1 and Fig.2), the method 
comprising steps of: 

receiving a connection to the user via a client data terminal (see col.1, lines 53- 
63 and col .4, lines 24-35); 



Application/Control Number: 09/71 8,583 Page 4 

Art Unit: 2155 

accessing the first server by the user after being authenticated (see col .2, lines 
13-24 and col .4, lines 36-40); 

selecting from the first server a computer input mark (see col.5, line 41 and col.8, 
line 20: "Multi-Domain Token") to a second server and assigning a first identifier and 
underlying second identifier associated with the first server of the input mark (see col.7, 
lines 24-36 & 49-50 and col.8, lines 20-31); and 

authenticating, without the use of cookie (see col.5, lines 11-16 & 31-37), the 
user and the first server and allowing access to the second server (see col. 3, lines 28- 
30; col.4, lines 36-40; and col.5, lines ), without requesting a cookie from the client (see 
col.5, lines 11-16 & 31-37) if the identifier is authenticated to eliminate the need for the 
user to provide separate login information (see col.4, lines 16-18 and col.5, line 16: 
"causing the user to log-in again") when connecting to the second server via the input 
mark (see col.5, line 41 and col.8, line 20: "Multi-Domain Token") and the use of 
cookies. 

As per claim 10, Sampson teaches a method for providing an automated login 
for a user logging onto a host web site (see Fig.1 and Fig.2), the method comprising 
steps of: receiving a connection to a user (see coi.1 , lines 53-63 and col.4, lines 24-35) 
via an affiliated web site (see Fig.1 ); accessing the first server by the user after being 
authenticated (see col.2, lines 13-24 and col.4, lines 36-40); selecting from the host web 
site a computer input mark (see col.5, line 41 and col.8, line 20: "Multi-Domain Token") 
having a hyperlink to a second web site (inherent: see col.7, lines 49-50 and col.8, lines 
29-31) and assigning a personal identifier and an underlying provider identifier 
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associated with the host web site of the input mark (see col.7, lines 24-36 & 49-50 and 
col. 8, lines 20-31 ); and allowing the user access to the host web site (see col. 3, lines 
28-30; col.4, lines 36-40; and col.5, lines ), without requesting a cookie from the user 
(see col.5, lines 1 1-16 & 31-37), based on the received identifier if the identifier is 
authenticated (see col.5, lines 41-44) to eliminate the need for the user to provide 
separate login information (see col.4, lines 16-18 and col.5, line 16: "causing the user to 
log-in again") when connecting to the second web site via the hyperlink of the input 
mark (see col.5, line 41 and col. 8, line 20: "Multi-Domain Token") and without the use of 
a cookie. 
DEPENDENT: 

As per claim 2, Sampson further teaches wherein the second identifier 
comprises a provider identifier associated with the second server (see col.7, lines 48- 
50) and the first identifier comprises a personal identifier assigned to the user by the 
second server (inherent: regardless of the token, the user must be a known and 
identified user in a "protected server 205", see col. 8, lines 20-21). 

As per claim 3, Sampson further teaches wherein the step of authenticating the 
user comprises a step of allowing a user access to a service provided by the first server 
after an initial registration by the user (see claim 1 rejection above and col.4, lines 36- 
40). 

As per claim 9, Sampson teaches of further comprising a step of assigning, by 
the first server and during the first connection, a personal identifier to the user (inherent: 
see col.2, lines 16-20). 
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As per claim 11, Sampson further teaches wherein the personal identifier is 
provided to the second web site via a transparent login process after the user 
disconnects and then later reconnects to the second web site (see col .4, lines 36-40: 
"via a browser"). 

5. Claims 4-8 and 12-16, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sampson et al. (US 6,339,423 B1) in view of Goldberg et al. (US 
5,823,879 A). 

As per claims 4 and 12, Sampson further teaches wherein the step of receiving 
a connection comprises a step of receiving a second connection to a user via a client 
data terminal (see abstract: "A first server for a first domain transmits a data token to a 
client seeking access to a resource in a second domain. The client transmits the data 
token to a second server in the other domain."), wherein the step of selecting from the 
first server a computer input mark comprises a step of receiving, during the second 
connection, a provider identifier associated with a second server of the plurality of 
servers (see above and col.7, lines 48-50), and a step of receiving, during the second 
connection (see col. 5, lines 35-37), a personal identifier assigned to the user by the 
second server (inherent: see col. 5, lines 6-7; regardless of the token, the user must be a 
known and identified user in a "protected server 205", see col.8, lines 20-21), and 
further comprising steps of: receiving a first connection to the user via a client data 
terminal, wherein the first connection is first in time relative to the second connection 
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(see col.7, lines 23-36); receiving, during the first connection, an identifier associated 
with the second server (see abstract: "A first server for a first domain transmits a data 
token to a client seeking access to a resource in a second domain."); storing the 
identifier (see col.12, line 66 to col. 13, line 2); and wherein the step of authenticating the 
user comprises a step of matching the stored identifier with the identifier received during 
the second connection (see col. 8, lines 35-44). 

Sampson does not explicitly teach of a means for receiving registration 
information during the first connection from a user of the client data terminal, and a 
means for storing the received registration information. Goldberg teaches of a means 
for receiving registration information during the first connection from a user of the client 
data terminal (see col. 5, lines 12-19), and a means for storing the received registration 
information (see col.7, line 67-col.8, line 27). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to employ the teachings of Goldberg within the system of Sampson 
by implementing a means for receiving and storing registration information from a user 
of the client data terminal within the server because Goldberg teaches that by 
registering, the server can employ "a distinct identification" to identify each user and 
also "use in selection criteria by sponsors or advertisers" (see col. 5, lines 4-13). It is 
well known in the art that a plurality of web sites employ registration of new users for 
such purposes and because Sampson teaches that "access information is created and 
stored" (see col.5, lines 6-7). 
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As per claims 5 and 13, Sampson further teaches wherein the identifier received 
during the first connection and the identifier received during the second connection each 
comprises a provider identifier associated with a second server (or affiliated web site) 
and a personal identifier assigned to the user by the second server (see claim 2 
rejection above). 

As per claim 6, Sampson further teaches wherein the step of storing comprises 
steps of: creating a user profile (see col.5, lines 6-7); and storing the identifier (see 
col .5, lines 6-7), but Sampson does not explicitly teach of storing the registration 
information in the user profile. Goldberg teaches wherein the step of storing comprises 
storing the registration information in the user profile (see col .21, line 63- col.22, line 15 
and col.22, lines 35-43). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to employ the teachings of Goldberg within the system of Sampson 
by implementing storing the registration information in the user profile within the within 
the method for providing an automated login for a user connecting to a server because 
the use of user profile assists in the identification of an individual. 

As per claim 7, Sampson teaches of further including steps of: requesting, during 
the first connection, consent of the user to use the identifier associated with the second 
server (inherent); and receiving the requested consent (inherent: see col. 4, lines 36-40). 

As per claim 8, Sampson does not explicitly teach wherein the registration 
information comprises at least one of a user name, user post office address, user 
telephone number, and user electronic mail address. Goldberg teaches of wherein the 
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registration information comprises at least one of a user name, user post office address, 
user telephone number, and user electronic mail address (see col.5, lines 12-19). 

As per claim 14, Sampson further teaches wherein the registration information 
and identifier received with respect to the first connection is stored in a database (see 
Fig. 2: "Multi-Domain Token server 208"), and wherein the step of allowing comprises 
steps of: searching the database for an identifier that matches the identifier received 
with respect to the second connection (inherent); and when a matching identifier is 
located, allowing the user access to the host web site (see col.8, lines 35-44). 

As per claim 15, Sampson teaches a server (see Fig.1 and Fig.2) comprising: a 
means for receiving a first connection and a second connection to a client data terminal, 
wherein the first connection is first in time relative to the second connection (see col.7, 
lines 23-26); a means for accessing the first server by the user after being authenticated 
(see col .2, lines 13-24 and col.4, lines 36-40); a means for selecting from the first 
connection a computer input mark (see col.5, line 41 and col.8, line 20: "Multi-Domain 
Token") having a hyperlink to the second connection (inherent: see col.7, lines 49-50 
and col.8, lines 29-31); a means for receiving a personal identifier and a provider 
identifier (see col.7, lines 24-36 & 49-50 and. col.8, lines 20-31) each associated with an 
affiliated server during a first connection, which affiliated server was visited by the user 
prior to the server receiving the first connection to the client data terminal (see abstract); 
a means for storing the personal identifier (see col.5, lines 6-7); a means for receiving 
an the provider identifier during the second connection (see col.7, lines 49-50); and a 
means for authenticating the user during the second connection based on the personal 
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and provider identifiers received during the second connection and allowing access to 
the second connection if both identifiers are authenticated to eliminate the need for the 
user to provide separate login information when connecting to the second connection 
via the hyperlink of the input mark (see col .8, lines 32-44) and to eliminate the use of 
cookies during authentication and connection (see col. 5, lines 14-16 & 32-37). 

Sampson does not explicitly teach of a means for receiving registration 
information during the first connection from a user of the client data terminal, and a 
means for storing the received registration information. Goldberg teaches of a means 
for receiving registration information during the first connection from a user of the client 
data terminal (see col. 5, lines 12-19), and a means for storing the received registration 
information (see col.7, line 67-col.8, line 27). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to employ the teachings of Goldberg within the system of Sampson 
by implementing a means for receiving and storing registration information from a user 
of the client data terminal within the server because Goldberg teaches that by 
registering, the server can employ "a distinct identification" to identify each user and 
also "use in selection criteria by sponsors or advertisers" (see col. 5, lines 4-13). It is 
well known in the art that a plurality of web sites employ registration of new users for 
such purposes and because Sampson teaches that "access information is created and 
stored" (see col. 5, lines 6-7). 

As per claim 76, Sampson further teaches wherein the personal identifier is 
provided to the second connection via a transparent login process after the user 
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disconnects and then later reconnects to the second connection (see col .4, lines 36-40: 
"via a browser"). 



Response to Remarks 

6. Applicants arguments with respect to the rejections of claims 1,10, and 15 have 
been considered but are moot in view of the new ground(s) of rejection. The newly 
cited reference Sampson et al. (US 6,339,423 A) teaches of an authentication process 
wherein the user is authenticated by an "access control system" by using known means 
in a first domain server (see col.2, lines 16-28 and col.3, lines 20-25). Sampson further 
teaches the novel aspect of his invention wherein rather than cookies comprising of 
identification information, a "Multi-Domain Token" is employed allowing the user to 
access via a browser multiple different domains (see col.3, lines 25-28) without having 
to transmit cookies or without having to log-in again (see col. 5, lines 11-16). Sampson 
suggest that the "Multi-Domain Token" can comprise of variety of data elements (ID'S, 
URL's, hash values, ect.) and is not limited to contain any particular data sets (see 
col. 8, lines 18-28). Therefore, Sampson alone and in combination with Goldberg et al. 
(US 5,823,879 A) teach all the limitations of claim 1 -1 6. 
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7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael Y. Won whose telephone number is 571-272- 
3993. The examiner can normally be reached on M-Th: 7AM-5PM. 

The fax phone number for the organization where this application or proceeding 
is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Michael Won 
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PRIMARY EXAMINER 
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